2 classical encryption

5/13/2018 2 Classical Encryption - slidepdf.com

http://slidepdf.com/reader/full/2-classical-encryption-55a753f29d932 1/54

Classical Encryption

Techniques

CSE 651: Introduction to Network

Security



Classical encryption techniques

As opposed to modern cryptography

Goals:

± to introduce basic concepts & terminology of

encryption

± to prepare us for studying modern

cryptography

2



Basic terminology

Plaintext: original message to beencrypted

Ciphertext: the encrypted message Enciphering or encryption: the process of

converting plaintext into ciphertext

Encryption algorithm: performs encryption

± Two inputs: a plaintext and a secret key

3



Symmetric Cipher Model

4



Deciphering or decryption: recovering

plaintext from ciphertext

Decryption algorithm: performs decryption

± Two inputs: ciphertext and secret key

Secret key: same key used for encryption

and decryption

± Also referred to as a symmetric key

5



Cipher or cryptographic system : a scheme

for encryption and decryption

Cryptography: science of studying ciphers

Cryptanalysis: science of studying attacksagainst cryptographic systems

Cryptology: cryptography + cryptanalysis

6



Ciphers

Symmetric cipher: same key used for encryption and decryption

± Block cipher: encrypts a block of plaintext at a

time (typically 64 or 128 bits)

± Stream cipher: encrypts data one bit or one byte

at a time

Asymmetric cipher: different keys used for encryption and decryption

7



Symmetric Encryption

or conventional / secret-key / single-key

sender and recipient share a common key

all classical encryption algorithms aresymmetric

The only type of ciphers prior to the

invention of asymmetric-key ciphers in1970¶s

by far most widely used

8



Symmetric Encryption

Mathematically:Y = EK ( X ) or Y = E(K , X )

X = DK (Y ) or X = D(K , Y )

X = plaintext Y = ciphertext

K = secret key

E = encryption algorithm D = decryption algorithm

Both E and D are known to public

9



Cryptanalysis

Objective: to recover the plaintext of aciphertext or, more typically, to recover thesecret key.

Kerkhoff¶s principle: the adversary knows alldetails about a cryptosystem except thesecret key.

Two general approaches: ± brute-force attack

± non-brute-force attack (cryptanalytic attack)

10



Brute-Force Attack

Try every key to decipher the ciphertext.

On average, need to try half of all possible keys

Time needed proportional to size of key space

Key Size (bits) Number of Alternative

Keys

Time required at 1

decryption/µs

Time required at 106

decryptions/µs

32 232 = 4.3 v 109 231 µs = 35.8 minutes 2.15 milliseconds

56 256 = 7.2 v 1016 255 µs = 1142 year s 10.01 hour s

128 2128 = 3.4 v 1038 2127 µs = 5.4 v 1024 year s 5.4 v 1018 year s

168 2168 = 3.7 v 1050 2167 µs = 5.9 v 1036 year s 5.9 v 1030 year s

26 character s

(permutation)

26! = 4 v 1026 2 v 1026 µs = 6.4 v 1012 year s 6.4 v 106 year s

11



12

Cryptanalytic Attacks

May be classified by how much

information needed by the attacker:

± Ciphertext-only attack

± Known-plaintext attack

± Chosen-plaintext attack

± Chosen-ciphertext attack



13

Ciphertext-only attack

Given: a ciphertext c

Q: what is the plaintext m?

An encryption scheme is completelyinsecure if it cannot resist ciphertext-only

attacks.



14

Known-plaintext attack

Given: (m1,c1), (m2,c2), «, (mk,ck) and a

new ciphertext c.

Q: what is the plaintext of c?

Q: what is the secret key in use?



15

Chosen-plaintext attack

Given: (m1,c1), (m2,c2), «, (mk,ck), where

m1, m2, «, mk are chosen by the

adversary; and a new ciphertext c.

Q: what is the plaintext of c, or what is the

secret key?



16

Example: chosen-plaintext attack

In 1942, US Navy cryptanalysts discovered that Japan

was planning an attack on ³AF´.

They believed that ³AF´ means Midway island.

Pentagon didn¶t think so.

US forces in Midway sent a plain message that their

freshwater supplies were low.

Shortly, US intercepted a Japanese ciphertext sayingthat ³AF´ was low on water.

This proved that ³AF´ is Midway.



17

Chosen-ciphertext attack

Given: (m1,c1), (m2,c2), «, (mk,ck), where

c1, c2, «, ck are chosen by the adversary;

and a new ciphertext c.

Q: what is the plaintext of c, or what is the

secret key?



Classical Ciphers

Plaintext is viewed as a sequence of

elements (e.g., bits or characters)

Substitution cipher: replacing each element of

the plaintext with another element.

Transposition (or permutation) cipher:

rearranging the order of the elements of the

plaintext. Product cipher: using multiple stages of

substitutions and transpositions

18



Caesar Cipher

Earliest known substitution cipher

Invented by Julius Caesar

Each letter is replaced by the letter threepositions further down the alphabet.

Plain: a b c d e f g h i j k l m n o p q r s t u v w x y z

Cipher: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

Example: ohio state RKLR VWDWH

19



Caesar Cipher

Mathematically, map letters to numbers:

a, b, c, ..., x, y, z

0, 1, 2, ..., 23, 24, 25

Then the general Caesar cipher is:

c = EK ( p) = ( p + k ) mod 26

p = DK (c ) = (c ± k ) mod 26

Can be generalized with any alphabet.

20



Cryptanalysis of Caesar Cipher

Key space: {0, 1, ..., 25}

Vulnerable to brute-force attacks.

E.g., break ciphertext "UNOU YZGZK³

Need to recognize it when have the

plaintext What if the plaintext is written in Swahili?

21



Monoalphabetic Substitution Cipher

Shuffle the letters and map each plaintext letter to a

different random ciphertext letter:

Plain letters: abcdefghijklmnopqrstuvwxyz

Cipher letters: DKVQFIBJWPESCXHTMYAUOLRGZN

Plaintext: if wewishtoreplaceletters

Ciphertext: WIRFRWAJUHYFTSDVFSFUUFYA

What does a key look like?

22



Monoalphabetic Cipher Security

Now we have a total of 26! = 4 x 1026 keys.

With so many keys, it is secure against

brute-force attacks.

But not secure against some cryptanalytic

attacks.

Problem is language characteristics.

23



Language Statistics and Cryptanalysis

Human languages are not random.

Letters are not equally frequently used.

In English, E is by far the most common letter,followed by T, R, N, I, O, A, S.

Other letters like Z, J, K, Q, X are fairly rare.

There are tables of single, double & triple letter frequencies for various languages

24



English Letter Frequencies

25



Statistics for double & triple letters

In decreasing order of frequency

Double letters:th he an in er re es on, «

Triple letters:the and ent ion tio for nde, «

26



Use in Cryptanalysis

Key concept: monoalphabetic substitution does

not change relative letter frequencies

To attack, we

± calculate letter frequencies for ciphertext

± compare this distribution against the known

one

27



Example Cryptanalysis

Given ciphertext:UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ

VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX

EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ

Count relative letter frequencies (see next page) Guess {P, Z} = {e, t}

Of double letters, ZW has highest frequency, soguess ZW = th and hence ZWP = the

Proceeding with trial and error finally get:it was disclosed yesterday that several informal but

direct contacts have been made with political

representatives of the viet cong in moscow

28



Letter frequencies in ciphertext

P 13.33 H 5.83 F 3.33 B 1.67 C 0.00

Z 11.67 D 5.00 W 3.33 G 1.67 K 0.00

S 8.33 E 5.00 Q 2.50 Y 1.67 L 0.00

U 8.33 V 4.17 T 2.50 I 0.83 N 0.00

O 7.50 X 4.17 A 1.67 J 0.83 R 0.00

M 6.67

29



What type of attack?

Ciphertext-only attack

Known-plaintext attack

Chosen-plaintext attack

Chosen-ciphertext attack

30



Playfair Cipher

Not even the large number of keys in amonoalphabetic cipher provides security.

One approach to improving security is toencrypt multiple letters at a time.

The Playfair Cipher is the best knownsuch cipher.

Invented by Charles Wheatstone in 1854,but named after his friend Baron Playfair.

31



Playfair Key Matrix

Use a 5 x 5 matrix.

Fill in letters of the key (w/o duplicates).

Fill the rest of matrix with other letters. E.g., key = MONARCHY.

MM OO NN A A RR

CC HH YY BB DD

EE FF GG I/JI/J KK

LL PP QQ SS TT

UU VV WW XX ZZ

32



Encrypting and Decrypting

Plaintext is encrypted two letters at a time.

1. If a pair is a repeated letter, insert filler like 'X¶.

2. If both letters fall in the same row, replace

each with the letter to its right (circularly).

3. If both letters fall in the same column, replace

each with the the letter below it (circularly).

4. Otherwise, each letter is replaced by the letter in the same row but in the column of the other

letter of the pair.

33



Security of Playfair Cipher

Equivalent to a monoalphabetic cipher with analphabet of 26 x 26 = 676 characters.

Security is much improved over the simple

monoalphabetic cipher.

Was widely used for many decades ± eg. by US & British military in WW1 and early WW2

Once thought to be unbreakable.

Actually, it can be broken, because it still leavessome structure of plaintext intact.

34



Polyalphabetic Substitution Ciphers

A sequence of monoalphabetic ciphers (M1, M2,

M3, ..., Mk) is used in turn to encrypt letters.

A key determines which sequence of ciphers to

use.

Each plaintext letter has multiple corresponding

ciphertext letters.

This makes cryptanalysis harder since the letter frequency distribution will be flatter.

35



Vigenère Cipher

Simplest polyalphabetic substitution cipher

Consider the set of all Caesar ciphers:

{ Ca, C

b, C

c, ..., C

z}

Key: e.g. security

Encrypt each letter using Cs, Ce, Cc, Cu, Cr ,Ci, Ct, Cy in turn.

Repeat from start after Cy.

Decryption simply works in reverse.

36



Example of Vigenère Cipher

Keyword: dece ptiv e

key: deceptivedeceptivedeceptive

plaintext: wearediscoveredsaveyourself

ciphertext: ZICVTWQNGRZGVTWAVZHCQYGLMGJ

37



Security of Vigenère Ciphers

There are multiple (how many?) ciphertext letterscorresponding to each plaintext letter.

So, letter frequencies are obscured but not totally lost.

To break Vigenere cipher:

1. Try to guess the key length. How?

2. If key length is N, the cipher consists of N Caesar

ciphers. Plaintext letters at positions k, N+k, 2N+k,

3N+k, etc., are encoded by the same cipher.

3. Attack each individual cipher as before.

38



Guessing the Key Length

Main idea: Plaintext words separated by multiplesof the key length are encoded in the same way.

In our example, if plaintext = ³«thexxxxxxthe«´then ³the´ will be encrypted to the same ciphertextwords.

So look at the ciphertext for repeated patterns.

E.g. repeated ³VTW´ in the previous example

suggests a key length of 3 or 9:ciphertext: ZICVTWQNGRZGVTWAVZHCQYGLMGJ

Of course, the repetition could be a random fluke.

39



Rotor Cipher Machines

Before modern ciphers, rotor machines were most commoncomplex ciphers in use.

Widely used in WW2.

Used a series of rotating cylinders. Implemented a polyalphabetic substitution cipher of period K.

With 3 cylinders, K = 263 =17,576.

With 5 cylinders, K = 265 =12 x 106.

What is a key? ± If the adversary has a machine

± If the adversary doesn¶t have a machine

40



41



German secret setting sheets

42

DateWhich rotors to use (there were 10 rotors)

Ring setting

Plugboard setting



The Rotors

43



Enigma Rotor Machine

44



Enigma Rotor Machine

45



Transposition Ciphers

Also called permutation ciphers.

Shuffle the plaintext, without altering the

actual letters used. Example: Row Transposition Ciphers

46



Row Transposition Ciphers

Plaintext is written row by row in a rectangle.

Ciphertext: write out the columns in an order

specified by a key.

Key: 3 4 2 1 5 6 7

Plaintext:

Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ

a t t a c k p

o s t p o n e

d u n t i l t

w o a m x y z

47



Product Ciphers

Uses a sequence of substitutions and

transpositions

± Harder to break than just substitutions or

transpositions

This is a bridge from classical to modern ciphers.

48



Unconditional & Computational

Security

A cipher is unconditionally secure if it issecure no matter how much resources(time, space) the attacker has.

A cipher is computationally secure if thebest algorithm for breaking it will requireso much resources (e.g., 1000 years) that

practically the cryptosystem is secure. All the ciphers we have examined are not

unconditionally secure.

49



An unconditionally Secure Cipher

50

1 2 3 4

1 2 3 4

1 2 3 4

Key = (random, )

Plaintext =

Cipherte

Vernam¶s one-time pad cip

used one-time only

xt =

where

Can be proved to be unconditionally sec

her

ur .e

i i i

k k k k

m m m m

c c c c

c m k !

y

y

y

y



Steganography

Hide a message in another message.

E.g., hide your plaintext in a graphic image

± Each pixel has 3 bytes specifying the RGB

color ± The least significant bits of pixels can bechanged w/o greatly affecting the image quality

± So can hide messages in these LSBs

Advantage: hiding existence of messages

Drawback: high overhead

51



52

Take a 640x480 (=30,7200) pixel image.

Using only 1 LSB, can hide 115,200 characters Using 4 LSBs, can hide 460,800 characters.



53



Summary

Have considered:

± classical cipher techniques and terminology

± monoalphabetic substitution ciphers

± cryptanalysis using letter frequencies

± Playfair cipher

± polyalphabetic ciphers

± transposition ciphers

± product ciphers and rotor machines

± stenography54

2 classical encryption

Documents